In January 2021 an unusually aggressive Chinese cyber-espionage unit began using four zero-day exploits to hack into tens of thousands of Microsoft Exchange servers worldwide.
These attacks allowed hackers to access domain-joined Exchange servers and install backdoors, causing an unprecedented headache for many thousands of banks, non-profits, telecommunications providers, public utilities and police, fire and rescue units.
“It’s police departments, hospitals, tons of city and state governments and credit unions,” said one source who’s working closely with federal officials on the matter. “Just about everyone who’s running self-hosted Outlook Web Access and wasn’t patched as of a few days ago got hit with a zero-day attack.”
SphereShield’s Skype for Business customers using AGAT’s EWS Protector module were protected against these attacks, according to tests performed by AGAT engineers using publicly available testing tools.
Like most of AGAT’s products, EWS Protector limits server exposure to the minimum required. It blocks external access to unnecessary services such as Exchange OWA for Skype for Business customers, who only require EWS access for Calendar functionality.
EWS Protector also permits only specific clients and registered devices to access Exchange services, further eliminating attack surface for zero-day exploits.
The above features successfully prevented intrusions into protected Microsoft Exchange Servers.